We recently deployed Crowd to manage access to our various Atlassian applications. We're having a workflow issue with our users. Every time a user needs to change their password this happens:
1. user requests password reset.
2. helpdesk uses Crowd to generate reset email.
3. user resets password by following link.
4. user finds themselves at the Crowd login prompt.
5. user tries to login to Crowd and it fails. They contact the helpdesk to say their password reset didn't work.
6. helpdesk and user spend 15 frustrating minutes trying to figure out what's wrong.
7. helpdesk realizes the user is trying to log into Crowd instead of Confluence or Jira.
I understand what's happening - the user is trying to log into the wrong application, and they aren't authorized to use Crowd. But this is creating a bad user experience. And its happening on almost every password reset for any non-technical user. (Technical users still encounter the issue, but recognize they are at the Crowd login screen and are able to connect the dots.)
Is there a fix for this? It's very confusing for some of our users, and busting an otherwise successful rollout. Am I just supposed to tell users, "here's your Crowd account, but you can't login to Crowd. So reset your Crowd password, don't log into crowd, and do a 'u-turn' if you reach the crowd login page."
That may sound like a silly question but why aren't your users authorized to log into Crowd's self-service console?
Thanks for responding. I wasn't aware there was a self-service console. And I can't seem to find any options to enable it. Non-administrators just get an error message at login ("Incorrect username or password"). I googled around a bit, and it seems like it's just supposed to exist and users get directed to it automatically. Not sure if this is a permissions/group membership issue, or a system config/install issue...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The self-service console ('My profile') is part of the Crowd application itself. You do not need to enable it, it is already there.
You just need to add your users directory to the list of the authorized directories for the Crowd application in Crowd's console itself and allow all users to authenticate (or maybe you want to allow only groups like jira-software-users, confluence-users).
If a user is a Crowd administrator, she/he will see all tabs (e.g. Applications, Directories, Users, Groups) when logging into Crowd. If a user is not an administrator, she/he will only see the 'My profile' page which allows her/him to change her/his password (Crowd administrators are defined in the Administrators tab of the Crowd application in Crowd's console).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Fixed. Applications > Crowd > Directories and Groups > Configure Authentication > Allow all users from this directory to authenticate. It was set-up so that only users in the administrators group could log in.
Thank you for the help that pushed me in the right direction.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You're welcome, I'm glad it helped!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.